Using puppet and ensure latest for RPM package management

Using ensure => latest, I have systems which do not need all of the same packages.

Will ensure => latest install the packages or only update if they already are present? If they are not present, I do not want them installed. This is to keep existing packages up to date with latest patches. I haven't tried it for fear of installing a package on a system which doesn't need it.


Solution 1:

Yes, it will install the package if not present.

You'll only want those resources declared on systems which have the packages - break them out into classes based on system role for those that have the packages installed.

Solution 2:

Yes, ensure => latest will install it if it's not present on the system.

You shouldn't have that package resource declared on a system which doesn't need it.